diff options
| author | Werner Koch <wk@gnupg.org> | 2015-05-21 16:24:36 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2015-05-21 16:52:17 +0200 |
| commit | 2bddd947fd1c11b4ec461576db65a5e34fea1b07 (patch) | |
| tree | 55279d01ace3ac8b700f030f380794fa38df5671 /tests | |
| parent | 102d68b3bd77813a3ff989526855bb1e283bf9d7 (diff) | |
| download | libgcrypt-2bddd947fd1c11b4ec461576db65a5e34fea1b07.tar.gz | |
ecc: Add key generation flag "no-keytest".
* src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
"no-keytest". Return an error for invalid flags of length 10.
* cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
set random level depending on flags.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
* cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
remove var random_level.
(nist_generate_key): Implement "no-keytest" flag.
* tests/keygen.c (check_ecc_keys): Add tests for transient-key and
no-keytest.
--
After key creation we usually run a test to check whether the keys
really work. However for transient keys this might be too time
consuming and given that a failed test would anyway abort the process
the optional use of a flag to skip the test is appropriate.
Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to
create such a key. This was measured by looping the last test from
check_ecc_keys() 1000 times with and without the flag.
Due to a bug in the flags parser unknown flags with a length of 10
characters were not detected. Thus the "no-keytest" flag can be
employed by all software even for libraries before this. That bug is
however solved with this version.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/keygen.c | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/tests/keygen.c b/tests/keygen.c index 4aff9c96..8b9a1d58 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -1,5 +1,6 @@ /* keygen.c - key generation regression tests * Copyright (C) 2003, 2005, 2012 Free Software Foundation, Inc. + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -14,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see <http://www.gnu.org/licenses/>. */ #ifdef HAVE_CONFIG_H @@ -432,7 +432,43 @@ check_ecc_keys (void) show_sexp ("ECC key:\n", key); check_generated_ecc_key (key); + gcry_sexp_release (key); + + + if (verbose) + show ("creating ECC key using curve Ed25519 for ECDSA (transient-key)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve Ed25519)(flags transient-key)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve Ed25519 for ECDSA" + " (transient-key): %s\n", + gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + gcry_sexp_release (key); + if (verbose) + show ("creating ECC key using curve Ed25519 for ECDSA " + "(transient-key no-keytest)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve Ed25519)" + "(flags transient-key no-keytest)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve Ed25519 for ECDSA" + " (transient-key no-keytest): %s\n", + gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); gcry_sexp_release (key); } |